Nigeria Regulates Data Privacy: African and Global Significance
(2019) 158 Privacy Laws & Business International Report, 23-25
5 Pages Posted: 20 Jun 2019 Last revised: 16 Aug 2019
Date Written: April 10, 2019
The regulation of data privacy by Nigeria, the most populous country in Africa, is an event of significance in the evolution of the world’s data privacy laws. The Nigerian Information Technology Development Agency (NITDA) issued the Nigerian Data Protection Regulation 2019 (‘the Regulation’) on 25 January 2019, coming into effect immediately. There is some doubt as to whether the Regulation is ultra vires. The Digital Rights and Freedom Bill, which passed both houses of the Nigerian Parliament in 2018, was in March 2019 refused signature by the newly re-elected President. The Regulation may make Nigeria the 10th of fifteen ECOWAS states to comply with that obligations of the ECOWAS Supplementary Act.
This article examines the Regulation in comparison with the EU's General Data Protection Regulation (GDPR). The scope of the Regulation is the same as for the GDPR on most important issues, except extra-territorial effect. Its enforcement and regulatory mechanisms are quite different, because no independent DPA is established.The NITDA decides whether a foreign country ‘ensures an adequate level of protection’, but this is subject to the ‘supervision’ of the Attorney-General. Many GDPR-like obligations on data controllers, and data subject rights, are provided.
The article concludes that this law has more common features with the GDPR than most of the other 23 data privacy laws in Africa, but has many significant limitations.
Keywords: Africa, Nigeria, data protection, privacy
Suggested Citation: Suggested Citation